ACM Computing Surveys (CSUR)
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Difficulties in simulating the internet
IEEE/ACM Transactions on Networking (TON)
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Towards NIC-based intrusion detection
Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Detecting mass-mailing worm infected hosts by mining DNS traffic data
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Summarization — Compressing Data into an Informative Representation
ICDM '05 Proceedings of the Fifth IEEE International Conference on Data Mining
Can machine learning be secure?
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Fast Distributed Outlier Detection in Mixed-Attribute Data Sets
Data Mining and Knowledge Discovery
IEEE Transactions on Dependable and Secure Computing
Computational aspects of mining maximal frequent patterns
Theoretical Computer Science
Analyzing and evaluating dynamics in stide performance for intrusion detection
Knowledge-Based Systems
Learning DFA representations of HTTP for protecting web applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
Network anomaly detection based on TCM-KNN algorithm
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Adaptive anomaly detection with evolving connectionist systems
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Network anomaly detection with incomplete audit data
Computer Networks: The International Journal of Computer and Telecommunications Networking
Summarization – compressing data into an informative representation
Knowledge and Information Systems
Trace anomalies as precursors of field failures: an empirical study
Empirical Software Engineering
Fast detection of database system abuse behaviors based on data mining approach
Proceedings of the 2nd international conference on Scalable information systems
ULISSE, a network intrusion detection system
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Network Anomaly Detection Based on DSOM and ACO Clustering
ISNN '07 Proceedings of the 4th international symposium on Neural Networks: Part II--Advances in Neural Networks
Automatic feature selection for anomaly detection
Proceedings of the 1st ACM workshop on Workshop on AISec
A Data Mining Methodology for Anomaly Detection in Network Data
KES '07 Knowledge-Based Intelligent Information and Engineering Systems and the XVII Italian Workshop on Neural Networks on Proceedings of the 11th International Conference
WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 02
Incorporation of Application Layer Protocol Syntax into Anomaly Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A hybrid intrusion detection system design for computer network security
Computers and Electrical Engineering
ACM Computing Surveys (CSUR)
RE2-CD: Robust and Energy Efficient Cut Detection in Wireless Sensor Networks
WASA '09 Proceedings of the 4th International Conference on Wireless Algorithms, Systems, and Applications
Active and Semi-supervised Data Domain Description
ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
Feature Selection for Density Level-Sets
ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part I
Improvement in intrusion detection with advances in sensor fusion
IEEE Transactions on Information Forensics and Security
Mathematical analysis of sensor fusion for intrusion detection systems
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
An efficient network intrusion detection
Computer Communications
TCM-KNN algorithm for supervised network intrusion detection
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Comparing anomaly detection techniques for HTTP
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Discovering emerging patterns for anomaly detection in network connection data
ISMIS'08 Proceedings of the 17th international conference on Foundations of intelligent systems
PAID: packet analysis for anomaly intrusion detection
PAKDD'08 Proceedings of the 12th Pacific-Asia conference on Advances in knowledge discovery and data mining
Improved unsupervised anomaly detection algorithm
RSKT'08 Proceedings of the 3rd international conference on Rough sets and knowledge technology
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Cyber-critical infrastructure protection using real-time payload-based anomaly detection
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
The use of artificial intelligence based techniques for intrusion detection: a review
Artificial Intelligence Review
Distance-based outlier detection: consolidation and renewed bearing
Proceedings of the VLDB Endowment
A misleading attack against semi-supervised learning for intrusion detection
MDAI'10 Proceedings of the 7th international conference on Modeling decisions for artificial intelligence
Classifier evaluation and attribute selection against active adversaries
Data Mining and Knowledge Discovery
Learning web application firewall - benefits and caveats
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Redesign and implementation of evaluation dataset for intrusion detection system
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
M of N features vs. intrusion detection
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
A new network anomaly detection technique based on per-flow and per-service statistics
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Neural network techniques for host anomaly intrusion detection using fixed pattern transformation
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
SVM approach with a genetic algorithm for network intrusion detection
ISCIS'05 Proceedings of the 20th international conference on Computer and Information Sciences
Auto-generation of detection rules with tree induction algorithm
FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part II
Model generalization and its implications on intrusion detection
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Applying genetic programming to evolve learned rules for network anomaly detection
ICNC'05 Proceedings of the First international conference on Advances in Natural Computation - Volume Part III
An adaptive network intrusion detection method based on PCA and support vector machines
ADMA'05 Proceedings of the First international conference on Advanced Data Mining and Applications
USAID: unifying signature-based and anomaly-based intrusion detection
PAKDD'05 Proceedings of the 9th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Intrusion detection based on dynamic self-organizing map neural network clustering
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
Anomaly internet network traffic detection by kernel principle component classifier
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
Model redundancy vs. intrusion detection
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Enhanced network traffic anomaly detector
ICDCIT'05 Proceedings of the Second international conference on Distributed Computing and Internet Technology
Anomaly detection methods in wired networks: a survey and taxonomy
Computer Communications
Automatic network intrusion detection: Current techniques and open issues
Computers and Electrical Engineering
Sampling attack against active learning in adversarial environment
MDAI'12 Proceedings of the 9th international conference on Modeling Decisions for Artificial Intelligence
Review: A review of novelty detection
Signal Processing
Traditional intrusion detection systems (IDS) detect attacks by comparing current behavior to signatures of known attacks. One main drawback is their inability to detect new attacks for which no signature exists. In this paper we propose a learning algorithm that constructs models of normal behavior from attack-free network traffic; behavior that deviates from the learned normal model signals a possible novel attack. Our IDS is unique in two respects. First, it is nonstationary: it models probabilities based on the time since the last event rather than on average rate, which prevents alarm floods. Second, the IDS learns protocol vocabularies (from the data link layer through the application layer) in order to detect unknown attacks that attempt to exploit implementation errors in poorly tested features of the target software. On the 1999 DARPA IDS evaluation data set [9], we detect 70 of 180 attacks (with 100 false alarms), about evenly divided between user behavioral anomalies (IP addresses and ports, as modeled by most other systems) and protocol anomalies. Because our methods are unconventional, the set of attacks our IDS detects overlaps little with those detected by the original DARPA participants, which implies that the systems could be combined to increase coverage.
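As an added illustration of the two ideas in the abstract (a learned per-attribute protocol vocabulary, and scoring a novel value by the time since the last anomaly rather than by average rate), not code from the paper: the scoring formula, the attribute names and all of the traffic below are assumptions constructed for this example.

```python
from collections import defaultdict

# Assumed scoring (an illustration, not the paper's formula): a value never seen in
# training scores n/r (n = training observations of the attribute, r = distinct values
# seen); the nonstationary variant also multiplies by the time since that attribute was
# last anomalous, so a burst of repeats scores low after its first packet.

# Constructed attack-free training traffic: one dict per packet, attribute -> value.
TRAIN = ([{"dst_port": 80, "http_method": "GET"}] * 6
         + [{"dst_port": 80, "http_method": "POST"}] * 3
         + [{"dst_port": 25, "http_method": None}])
# Constructed test trace of (time, packet): five packets to a port absent from
# training, then one request using an HTTP method absent from training.
TRACE = [(t, {"dst_port": 31337, "http_method": None}) for t in range(100, 105)]
TRACE.append((200, {"dst_port": 80, "http_method": "TRACE"}))

class VocabDetector:
    def __init__(self, nonstationary=True, t0=0.0):
        self.nonstationary = nonstationary
        self.t0 = t0                     # time at which training ended
        self.vocab = defaultdict(set)    # attribute -> values seen in training
        self.n = defaultdict(int)        # attribute -> observation count
        self.last_anomaly = {}           # attribute -> time of last novel value

    def train(self, packets):
        for p in packets:
            for attr, val in p.items():
                self.vocab[attr].add(val)
                self.n[attr] += 1

    def score(self, t, packet):
        """Sum the anomaly scores of the novel attribute values in one packet."""
        total = 0.0
        for attr, val in packet.items():
            if val in self.vocab[attr]:
                continue                 # in the learned vocabulary: no score
            s = self.n[attr] / len(self.vocab[attr])
            if self.nonstationary:
                s *= t - self.last_anomaly.get(attr, self.t0)
                self.last_anomaly[attr] = t
            total += s
        return total

def score_trace(trace, nonstationary=True):
    """Train a fresh detector on TRAIN and score every packet of trace in order."""
    det = VocabDetector(nonstationary)
    det.train(TRAIN)
    return [det.score(t, p) for t, p in trace]

def alarm_times(trace, threshold, nonstationary=True):
    """Times whose score exceeds threshold: rate-based scoring alarms on the whole
    burst or on none of it; nonstationary scoring alarms only on its first packet."""
    return [t for (t, _), s in zip(trace, score_trace(trace, nonstationary)) if s > threshold]
```

With a threshold of 10 the nonstationary detector alarms at t=100 and t=200 only, while the rate-based variant scores all five burst packets identically (5.0), so any threshold that catches the first burst packet also floods on the other four.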